This site may earn affiliate commissions from the links on this page. Terms of use.

The group calling themselves Guardians of Peace continue to leak data stolen from Sony Pictures. This time around, they’ve dumped everything from celebrity phone numbers and their travel aliases to the social security numbers and addresses of Sony staff.

They’ve also followed up the leak of five Sony films with the release of a number of scripts for both televisions series and movies. The financial implications for Sony could be huge, though there’s still plenty of speculation going on that this could be part of an elaborate publicity stunt for The Interview.

Possible? Perhaps, but it seems highly unlikely. Would Sony have gone through the trouble of fabricating fake databases full of bogus Social Security numbers, celeb contact information (like Brad Pitt’s phone number), and allowed unreleased films (and scripts for upcoming ones) to be released as part of such a stunt?

Then there’s the question of North Korean involvement. While the state has denied any involvement, some think that GoP may at least be supporters of Kim Jong Un. Their motivation, however, may be more financial than patriotic.

In the days before the actual hack that cause Sony to take their computer network offline, executives received a threatening email. The senders didn’t ask Sony to cancel the release of The Interview. They asked for money. The fact that they’re now following up that original missive with statements referencing the film may just be a misdirection.

The good news for Sony is that the damage controls they’ve set up appear to be working. Just a few short hours after GoP posted a list of download locations for the latest leak to Github the files had been taken offline due to infringement requests. A few news outlets managed to get their hands on the files, and they’re rabidly poring over critically important details like who got paid more to be in The Interview, Seth Rogen or James Franco?

In a prepared statement, Sony Pictures CEO Michael Lynton told his employees that the hack was “an unprecedented and highly sophisticated attack.” The source of the breach has not yet been revealed, but according to one security firm on the outside of the Sony investigations the company needs this to be a “highly sophisticated attack” if they have any hopes of saving face.

Given what we already know, however — like the fact that Sony’s staff clearly weren’t working in a corporate culture that put an emphasis on best practices — there’s a decent chance that the breach could have been kicked off by a relatively simple spear phishing campaign. I don’t know about you, but I’m not confident that people who are obviously very comfortable storing passwords in unprotected documents in a folder called “Passwords” have the necessary skills to identify a phishing email when they see one.